<?php
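  include 'header.php';
  include '../functions.php';

  // Access control: only user_level 1 may use this page.
  // header() only queues a redirect; without exit the rest of the script
  // (including the UPDATE in the POST branch) would still run for a visitor
  // who is not allowed here.
  // NOTE(review): assumes header.php starts the session and output buffering - confirm.
  if (!isset($_SESSION['user_level']) || $_SESSION['user_level'] != 1) {
      header('location: signin.php');
      exit;
  }

  // The target user id is later placed unquoted into SQL, where string
  // escaping gives no protection. Accept plain decimal digits only and keep
  // the value as an integer.
  if (isset($_GET['uid']) && is_string($_GET['uid']) && preg_match('/^[0-9]+\z/', $_GET['uid'])) {
      $uid = (int) $_GET['uid'];
  } else {
      echo "An error occured!";
      die;
  }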
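  // Render the "Edit user" form (non-POST requests, user ids above 1 only).
  // $uid is forced to an integer here because it is interpolated unquoted
  // into the SELECT below.
  $uid = (int) $uid;
  if ($uid > 1) {

  if ($_SERVER['REQUEST_METHOD'] != 'POST')
  {
      $sql = $db->query("SELECT * FROM " . $table_prefix . "users WHERE user_id = " . $uid . " LIMIT 1");
      if (!$sql) {
          echo "An error occured! Please try again later.";
          die;
      }
      $row = $db->fetch_array($sql,'assoc');
      if (!$row) {
          // No such user: stop instead of rendering a form full of undefined fields.
          echo "An error occured! Please try again later.";
          die;
      }

      // Radio / select state derived from the stored flags.
      $emy = ($row['show_email'] == 1) ? "checked" : "";
      $emn = ($row['show_email'] == 1) ? "" : "checked";

      $agey = ($row['user_show_age'] == 1) ? "checked" : "";
      $agen = ($row['user_show_age'] == 1) ? "" : "checked";

      $gender = $row['user_gender'];
      $gender_image = "";
      $male_c = "";
      $female_c = "";
      if ($gender == 1) {
          $male_c = "selected";
          $gender_image = "<img align='absmiddle' src='../style/$default_style/img/male.gif'>";
      }
      if ($gender == 2) {
          $female_c = "selected";
          $gender_image = "<img align='absmiddle' src='../style/$default_style/img/female.gif'>";
      }

      // Profile fields are user-supplied and are shown here to an administrator,
      // so each one is HTML-escaped before it is placed in an attribute or a
      // textarea. Only ASCII characters (& < > " ') are rewritten; the
      // single-byte charset argument means other bytes pass through unchanged
      // whatever the page encoding is, and double_encode=false leaves entities
      // that are already stored as they are.
      $esc = array();
      foreach (array('user_name', 'user_email', 'user_lang', 'user_msn', 'user_www', 'user_location', 'user_occupation', 'user_interests', 'user_birthday') as $field) {
          $esc[$field] = htmlspecialchars((string) $row[$field], ENT_QUOTES, 'ISO-8859-1', false);
      }

      // The stored "about" text is HTML; turn it back into editable BBCode,
      // then escape it for the textarea like the other fields.
      $me = $row['user_about'];
      $me = str_replace("<br>", "\n", $me );
      $me = BBDecode($me);
      $me = htmlspecialchars((string) $me, ENT_QUOTES, 'ISO-8859-1', false);

      // NOTE(review): this form carries no anti-CSRF token and the POST handler
      // does not check one - worth adding for an admin action that can reset passwords.
      echo "<form method='post' action=''>
<div align='center'><table border=1 style='width:550px;'><tr><th><b>&nbsp;Edit user</b></th><th></th></tr>
<tr><td align='right' height = '32px'>Username:</td><td>&nbsp;<input value='$esc[user_name]' id='forum' type='text' name='username' size='40'/></td>

<tr><td align='right' height = '32px'>Password:</td><td>&nbsp;<input value='' id='forum' type='password' name='password' size='40'/></td>

<tr><td align='right' height = '32px'>Email:</td><td>&nbsp;<input value='$esc[user_email]' id='forum' type='text' name='email' size='40'/></td>

<tr>
<td height='32px'><div align='right'>Display email publicly:</td><td>&nbsp; <input type='radio' name='public_email' $emy value='1' /> Yes
<input type='radio' name='public_email' $emn value='0' /> No</td></tr>

<tr><td align='right' height = '32px'>Language:</td><td>&nbsp;<input value='$esc[user_lang]' id='forum' type='text' name='lang' size='40'/></td></tr>

<tr><th><b>&nbsp;Contact information</b></th><th></th>
<tr><td align='right' height = '32px'>$l_msn:</td><td>&nbsp;<input value='$esc[user_msn]' id='forum' type='text' name='msn' size='40'/></td></tr>

<tr><td align='right' height = '32px'>$l_www:</td><td>&nbsp;<input value='$esc[user_www]' id='forum' type='text' name='www' size='40'/></td></tr>

<tr><td align='right' height = '32px'>$l_location:</td><td>&nbsp;<input value='$esc[user_location]' id='forum' type='text' name='location' size='40'/></td></tr>

<tr><td align='right' height = '32px'>$l_occ:</td><td>&nbsp;<textarea style='width:250px;height:50px;font-size:11px;' name='occupation'>$esc[user_occupation]</textarea></td></tr>

<tr><td align='right' height = '32px'>$l_interests:</td><td>&nbsp;<textarea style='width:250px;height:50px;font-size:11px;' name='interests'>$esc[user_interests]</textarea></td></tr>

<tr><td align='right' height = '32px'>$l_birthday:<br><span style='font-size:9px;'>(DD-MM-YYYY)</span></td><td>&nbsp;<input value='$esc[user_birthday]' id='forum' type='text' name='birth' size='40'/></td></tr>

<td height='36'><div align='right'>$l_dis_age:</td><td><div align='left'>&nbsp; <input type='radio' name='showage' $agey value='1' /> Yes
<input type='radio' name='showage' $agen value='0' /> No</div>

<tr>
<td height='36'><div align='right'>$l_gender:</td><td><div align='left'>
&nbsp; <select name='gender'>
<option value='0'>--</option>
<option $male_c value='1'>$l_male</option>
<option $female_c value='2'>$l_female</option>
</select> $gender_image
</div> </td></tr>

<tr>
<td height='36'><div align='right'>$l_about_me<br>$l_about_max_char<br><br><a href='../style/default/help_bbcode.html' target='_blank' title='BBCode help'>$l_bbcode_enabled</a></div></td><td><div align='left'>&nbsp; <textarea style='width:255px;height:100px;font-size:11px;' name='aboutme'>$me</textarea></div></td></tr>

<td height='36'></td><td><div align='left'><input type='submit' class='menuButtons' value='$l_edit_profile' /></div></td>

</table></div></form>";

      // Swap the title placeholder in the buffered page, then emit it.
      $pageTitle = "Edit user";
      $pageContents = ob_get_contents ();
      ob_end_clean ();
      echo str_replace ('<!--TITLE-->', $pageTitle, $pageContents);
  }
  }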
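// Apply the submitted "Edit user" form to the users table.
//
// The form branch of this script only renders for user ids above 1; the same
// limit is enforced here so that a hand-built POST cannot reach an account
// the form never offers for editing.
// NOTE(review): no anti-CSRF token is checked before this state-changing
// request; adding one needs a matching hidden field in the form.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && (int) $uid > 1)
{
  $uid = (int) $uid;

  // Free-text fields: strip markup first, then escape for the quoted SQL
  // literal, so that escaping is the last transformation before the query.
  // NOTE(review): ext/mysql was removed in PHP 7; moving to prepared
  // statements depends on what the $db wrapper offers.
  $text = array();
  foreach (array('msn', 'www', 'location', 'occupation', 'interests', 'birth') as $key) {
      $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
      $text[$key] = mysql_real_escape_string(strip_tags($raw));
  }

  // Flags are written unquoted into the statement, where string escaping
  // gives no protection, so they are reduced to known integers.
  $show_age = (isset($_POST['showage']) && $_POST['showage'] == 1) ? 1 : 0;
  $display_email = (isset($_POST['public_email']) && $_POST['public_email'] == 1) ? 1 : 0;
  $gender = null;
  if (isset($_POST['gender']) && is_string($_POST['gender']) && in_array($_POST['gender'], array('0', '1', '2'), true)) {
      $gender = (int) $_POST['gender'];
  }

  // "About me": convert to stored HTML, truncate, and only then escape for
  // SQL, so the stored value is what gets cut and no escape sequence can be
  // split by substr().
  // NOTE(review): my_nl2br/convEnt2/BBCode are defined elsewhere; this assumes
  // none of them already SQL-escapes its output - confirm.
  $me = (isset($_POST['aboutme']) && is_string($_POST['aboutme'])) ? $_POST['aboutme'] : '';
  $me = my_nl2br($me);
  $me = convEnt2($me);
  $me = str_replace("\n", "<br>", $me );
  $me = BBCode($me);
  $me = substr($me,0,$about_me_char);
  $me = mysql_real_escape_string($me);

  // A blank password field means "keep the current password". Previously a
  // blank field overwrote the stored hash with an empty string.
  // NOTE(review): unsalted sha1 is a weak password hash; it is kept because
  // the login check (not in this file) must change together with it.
  $new_pass = null;
  if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== "") {
      $new_pass = sha1($_POST['password']);
  }

  // NOTE(review): the form also posts username, email and lang, but the
  // UPDATE has never written them; that is left as it was - confirm intent.

  $sql = "UPDATE " . $table_prefix . "users SET ";
  $sql .= " user_msn = '" . $text['msn'] . "'";
  if ($text['www'] != "") {$sql .= ", user_www = '" . $text['www'] . "'";}
  if ($gender !== null) {$sql .= ", user_gender = " . $gender;}
  if ($text['location'] != "") {$sql .= ", user_location = '" . $text['location'] . "'";}
  if ($text['occupation'] != "") {$sql .= ", user_occupation = '" . $text['occupation'] . "'";}
  if ($text['interests'] != "") {$sql .= ", user_interests = '" . $text['interests'] . "'";}
  if ($text['birth'] != "") {$sql .= ", user_birthday = '" . $text['birth'] . "'";}
  if ($me != "") {$sql .= ", user_about = '" . $me . "'";}
  if (isset($_POST['public_email'])) {$sql .= ", show_email = " . $display_email;}
  if ($new_pass !== null) {$sql .= ", user_pass = '" . $new_pass . "'";}
  $sql .= ", user_show_age = " . $show_age . " ";
  $sql .= " WHERE user_id = " . $uid . " ";
  $result = $db->query($sql);

  if ($result) {
      echo "<br><div align='center'>$l_profile_upd<br><br><a href='edit_user.php?uid=$uid'>$l_back_to_prev</a><br><br></div>";
  } else {
      // Report the failure instead of ending with a blank page.
      echo "An error occured! Please try again later.";
  }

}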

?>
  